
261 matches found

Prion
added 2021/06/11 4:15 p.m., 21 views

Information disclosure

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...

CVSS 4.3, AI score 6.2, EPSS 0.01368
Exploits 0, References 2, Affected Software 1

CVE
added 2021/06/11 3:49 p.m., 47 views

CVE-2021-22913

Nextcloud Deck prior to 1.2.7 and 1.4.1 is affected by an information disclosure vulnerability where searches for sharees are sent to the lookup server by default instead of the local Nextcloud server, unless a global search is explicitly chosen. The underlying issue is that the search requests a...

CVSS 6.5, AI score 6.1, EPSS 0.01368
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/06/11 3:49 p.m., 22 views

CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...

AI score 6.4, EPSS 0.01368
Exploits 0, References 2

CNNVD
added 2021/06/04 12:0 a.m., 4 views

Deck Information Disclosure Vulnerability

Deck is a Kanban style organization tool. Designed for personal planning and project organization for teams integrated with Nextcloud. An information disclosure vulnerability exists in Deck that stems from allowing shared searches to be performed on the lookup server by default. A remote attacker...

CVSS 6.5, AI score 6.5, EPSS 0.01368
Exploits 0, References 3

Nextcloud
added 2021/06/01 6:0 p.m., 35 views

Nextcloud deck sharee search leaks searches to lookupserver by default

None...

CVSS 6.5, AI score 6.4, EPSS 0.01368
Exploits 0, References 1, Affected Software 1

Hacker One
added 2021/04/18 8:17 p.m., 21 views

Nextcloud: Nextcloud deck sharee search leaks searches to lookupserver by default

So, in short this is related to the other 2 reports https://hackerone.com/reports/1167916 and https://hackerone.com/reports/1167919 While I could not find deck on your h1 page. I kind of assume it is in scope as well as this is something you sell with the 'groupware' subscription...

CVSS 4.3, AI score 6.4, EPSS 0.01368
Exploits 0

Pen Test Partners Blog
added 2021/03/05 6:49 a.m., 190 views

EFB Tampering 1. Introduction and Class Differences

TL;DR Electronic flight bags EFBs are devices that flight crews use to help with flight management tasks Different airlines use different devices e.g. iPads, netbooks, custom devices Some are carried on by flight crew, others are built-in to the cockpit Some important functions are carried out by...

AI score 7
Exploits 0

CNVD
added 2021/02/25 12:0 a.m., 8 views

Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...

CVSS 4.3, AI score 6.5, EPSS 0.01339
Exploits 1, References 1

NVD
added 2021/02/23 7:15 p.m., 19 views

CVE-2020-8297

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...

CVSS 4.3, EPSS 0.01339
Exploits 1, References 3

OSV
added 2021/02/23 7:15 p.m., 20 views

CVE-2020-8297

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...

CVSS 4.3, AI score 6.8
Exploits 0, References 3

Prion
added 2021/02/23 7:15 p.m., 16 views

Design/Logic Flaw

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...

CVSS 4, AI score 4.6, EPSS 0.01339
Exploits 1, References 3, Affected Software 1

Cvelist
added 2021/02/23 6:28 p.m., 19 views

CVE-2020-8297

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...

AI score 4.5, EPSS 0.01339
Exploits 1, References 3

CVE
added 2021/02/23 6:28 p.m., 58 views

CVE-2020-8297

CVE-2020-8297 affects Nextcloud Deck prior to 1.0.2, with an insecure direct object reference (IDOR) that lets a user with a duplicate username access deck data belonging to a previously deleted user. The issue stems from access control handling in the Deck app and is confirmed by multiple source...

CVSS 4.3, AI score 4.5, EPSS 0.01339
Exploits 1, References 3, Affected Software 1

CNNVD
added 2021/02/23 12:0 a.m., 9 views

Nextcloud Deck Security Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...

CVSS 4.3, AI score 5.8, EPSS 0.01339
Exploits 1, References 4

CNVD
added 2020/10/20 12:0 a.m., 4 views

Nextcloud Deck Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck 1.0.4, which stems from a lack of access control and can be exploited by an attacker to view all attachments...

CVSS 4.3, AI score 6.8, EPSS 0.00781
Exploits 1, References 1

CNVD
added 2020/10/20 12:0 a.m., 5 views

Nextcloud Deck Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck version 0.8.0, which stems from a failure of proper access control and can be exploited by an attacker to...

CVSS 8, AI score 6.8, EPSS 0.01035
Exploits 1, References 1

NVD
added 2020/10/05 2:15 p.m., 32 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

CVSS 4.3, EPSS 0.00781
Exploits 1, References 2

NVD
added 2020/10/05 2:15 p.m., 30 views

CVE-2020-8182

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

CVSS 8, EPSS 0.01035
Exploits 1, References 2

OSV
added 2020/10/05 2:15 p.m., 16 views

CVE-2020-8182

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

CVSS 8, AI score 6.8
Exploits 0, References 2

OSV
added 2020/10/05 2:15 p.m., 14 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

CVSS 4.3, AI score 6.7
Exploits 0, References 2